In the weekly meeting this Tuesday, David suggested that the idea of using mobile phones to replace the id card from an undergraduate (Joe, Lester’s student) has a similar scenario with e-Certificate. After talking with Joe and giving her a possible system solution, I do realize there are quite a lot similar scenarios. Actually, this remains me what I read in my first year of PhD study: I was interested in pervasive computing, and one of its goal is all in handsets — no keys, no wallets, no id cards. All of them are integrated into mobile terminals, the only device you will carry when you leave the house. Of couse, there are quite a number of challenges required to be met before this vision comes into being, especially the security and privacy issue.
Based on the system design from Lisha, I do believe it is possible to establish a general system infrastructure to solve security issues in similar scenarios. The following is the informal and basic idea I have so far (no detailed technical discussion).
* Traditional (some paper-based) entities are and will be changed into electronic version
* Security issues required by the electronic version entities: confidentiality (only right users can view), integrity (entities can not be modified by a malicious adversary), authentication (electronic entities can determine and prove what the owners claim)
* electronic entities are issued (can be re-issued) by various departments (e.g. universities, goverment, banks), and there are no central systems that store them (people will not trust such a central system).
System Members: issuers, inspectors, owners (with their electronic entities)
System Workflow: issuers issue e-entities to owners; owners keep their e-entities (on their laptop or mobile handhelds); owners send their entities to inspectors, and inspectors verify e-entities with verification systems (local or remote).
I lose keeping technical track of pervasive computing since finishing the PhD, and believe there should be similar security frameworks designed by others (maybe not). However, our system in the eCert project must be able to show advantages if applying it in the pervasive computing field. At least, the output of this general system infrastructure could be a conference paper.